rt61pci: fix NULL pointer dereference in config_lna_gain
authorStanislaw Gruszka <sgruszka@redhat.com>
Fri, 3 Aug 2012 10:49:14 +0000 (12:49 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 6 Aug 2012 18:29:58 +0000 (14:29 -0400)
We can not pass NULL libconf->conf->channel to rt61pci_config() as it
is dereferenced unconditionally in rt61pci_config_lna_gain() subroutine.

Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=44361

Cc: stable@vger.kernel.org
Reported-and-tested-by: <dolohow@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/rt2x00/rt61pci.c

index f32259686b45778b77630328e54e2c1298b18a84..3f7bc5cadf9a8a7a433688e8d480d76de3c1ab82 100644 (file)
@@ -2243,8 +2243,7 @@ static void rt61pci_txdone(struct rt2x00_dev *rt2x00dev)
 
 static void rt61pci_wakeup(struct rt2x00_dev *rt2x00dev)
 {
-       struct ieee80211_conf conf = { .flags = 0 };
-       struct rt2x00lib_conf libconf = { .conf = &conf };
+       struct rt2x00lib_conf libconf = { .conf = &rt2x00dev->hw->conf };
 
        rt61pci_config(rt2x00dev, &libconf, IEEE80211_CONF_CHANGE_PS);
 }